Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Remediation

References

CVE-2017-14619

Related Vulnerabilities

Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259)

WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)

WordPress Plugin The Official Facebook Chat Security Bypass (1.5)

Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316)

WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)

Severity

Medium

Classification

CVE-2017-14619 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities